Vulnerabilities > Information Exposure Through Discrepancy
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-27 | CVE-2023-28770 | Information Exposure Through Discrepancy vulnerability in Zyxel Dx5401-B0 Firmware: The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file. | 7.5 |
2023-04-25 | CVE-2022-40482 | Information Exposure Through Discrepancy vulnerability in Laravel Framework: The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. | 5.3 |
2023-04-24 | CVE-2023-30458 | Information Exposure Through Discrepancy vulnerability in Medicine Tracker System Project Medicine Tracker System 1.0: A username enumeration issue was discovered in Medicine Tracker System 1.0. | 5.3 |
2023-04-21 | CVE-2023-26556 | Information Exposure Through Discrepancy vulnerability in Iofinnet Tss-Lib: io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). | 9.1 |
2023-04-21 | CVE-2023-26557 | Information Exposure Through Discrepancy vulnerability in Iofinnet Tss-Lib: io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. | 7.5 |
2023-04-21 | CVE-2023-1998 | Information Exposure Through Discrepancy vulnerability in multiple products: The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. | 5.6 |
2023-03-30 | CVE-2023-25000 | Information Exposure Through Discrepancy vulnerability in Hashicorp Vault: HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. | 4.7 |
2023-03-28 | CVE-2023-26071 | Information Exposure Through Discrepancy vulnerability in Harpaitalia Mcuboict 10.12.4: An issue was discovered in MCUBO ICT through 10.12.4 (aka 6.0.2). | 7.5 |
2023-03-27 | CVE-2022-41354 | Information Exposure Through Discrepancy vulnerability in Linuxfoundation Argo-Cd: An access control issue in Argo CD v2.4.12 and below allows unauthenticated attackers to enumerate existing applications. | 4.3 |
2023-03-21 | CVE-2023-1538 | Information Exposure Through Discrepancy vulnerability in Answer: Observable Timing Discrepancy in GitHub repository answerdev/answer prior to 1.0.6. | 5.3 |